Skip to content

Commit

Permalink
SNOW-921006 Add ECDSA tests on wiremock (#1328)
Browse files Browse the repository at this point in the history
  • Loading branch information
@sfc-gh-pfus
sfc-gh-pfus authored Mar 7, 2025
1 parent f388736 commit f5582f4
Show file tree
Hide file tree
Showing 10 changed files with 90 additions and 3 deletions.
26 changes: 26 additions & 0 deletions .github/workflows/build-test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,3 +138,29 @@ jobs:
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODE_COV_UPLOAD_TOKEN }}
ecc:
runs-on: ubuntu-latest
strategy:
fail-fast: false
name: Ecliptic curves check
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4 # for wiremock
with:
java-version: 17
distribution: 'temurin'
- name: Setup go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
- name: Test
shell: bash
env:
PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
CLOUD_PROVIDER: ${{ matrix.cloud }}
GORACE: history_size=7
GO_TEST_PARAMS: ${{ inputs.goTestParams }} -run TestQueryViaHttps
WIREMOCK_PORT: 14335
WIREMOCK_HTTPS_PORT: 13567
WIREMOCK_ENABLE_ECDSA: true
run: ./ci/test.sh
10 changes: 10 additions & 0 deletions ci/scripts/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,14 @@ Password for CA is `password`.

```bash
openssl x509 -req -in wiremock.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out wiremock.crt -days 365 -sha256 -extfile wiremock.v3.ext
openssl pkcs12 -export -out wiremock.p12 -inkey wiremock.key -in wiremock.crt
```

# Refreshing ECDSA cert

When asked for Common Name, use `localhost`.

```bash
openssl req -new -x509 -key wiremock-ecdsa.key -out wiremock-ecdsa.crt -days 365
openssl pkcs12 -export -inkey wiremock-ecdsa.key -in wiremock-ecdsa.crt -out wiremock-ecdsa.p12
```
2 changes: 1 addition & 1 deletion ci/scripts/ca.srl
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
54587BDD05D4BE6A6D8852CA7FDB421189EA1C67
54587BDD05D4BE6A6D8852CA7FDB421189EA1C69
10 changes: 9 additions & 1 deletion ci/scripts/run_wiremock.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,16 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

cd $SCRIPT_DIR

if [[ "$1" == "--ecdsa" || "$WIREMOCK_ENABLE_ECDSA" == "true" ]] ; then
echo "Using ecliptic curves"
pfxFile="$SCRIPT_DIR/wiremock-ecdsa.p12"
else
echo "Using RSA"
pfxFile="$SCRIPT_DIR/wiremock.p12"
fi

if [ ! -f "$SCRIPT_DIR/wiremock-standalone-3.11.0.jar" ]; then
curl -O https://repo1.maven.org/maven2/org/wiremock/wiremock-standalone/3.11.0/wiremock-standalone-3.11.0.jar
fi

java -jar "$SCRIPT_DIR/wiremock-standalone-3.11.0.jar" --verbose --port ${WIREMOCK_PORT:=14355} --https-port ${WIREMOCK_HTTPS_PORT:=13567} --https-keystore "$SCRIPT_DIR/wiremock.p12" --keystore-type PKCS12 --keystore-password password
java -jar "$SCRIPT_DIR/wiremock-standalone-3.11.0.jar" --verbose --port ${WIREMOCK_PORT:=14355} --https-port ${WIREMOCK_HTTPS_PORT:=13567} --https-keystore "$pfxFile" --keystore-type PKCS12 --keystore-password password
4 changes: 4 additions & 0 deletions ci/scripts/wiremock-ecdsa-pub.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX3j37DbAKoO6Cwn0TsoMcsVXEF52
lDa2tEHX2kMoxLExE4cgBipPyHgwNEblfAbaA1eC03fytJZw0wd08GvA+Q==
-----END PUBLIC KEY-----
24 changes: 24 additions & 0 deletions ci/scripts/wiremock-ecdsa.crt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEFzCCAf+gAwIBAgIUVFh73QXUvmptiFLKf9tCEYnqHGkwDQYJKoZIhvcNAQEL
BQAwezELMAkGA1UEBhMCUEwxFDASBgNVBAgMC01hem93aWVja2llMQ8wDQYDVQQH
DAZXYXJzYXcxEjAQBgNVBAoMCVNub3dmbGFrZTEQMA4GA1UECwwHRHJpdmVyczEf
MB0GA1UEAwwWU25vd2ZsYWtlIHRlc3QgUm9vdCBDQTAeFw0yNTAzMDYxMjM1MjJa
Fw0yNjAzMDYxMjM1MjJaMG4xCzAJBgNVBAYTAlBMMRQwEgYDVQQIDAtNYXpvd2ll
Y2tpZTEPMA0GA1UEBwwGV2Fyc2F3MRIwEAYDVQQKDAlTbm93Zmxha2UxEDAOBgNV
BAsMB0RyaXZlcnMxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqG
SM49AwEHA0IABF949+w2wCqDugsJ9E7KDHLFVxBedpQ2trRB19pDKMSxMROHIAYq
T8h4MDRG5XwG2gNXgtN38rSWcNMHdPBrwPmjazBpMB8GA1UdIwQYMBaAFNBlcqId
rN8OSmvMp5ZbwKR7RYegMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgTwMA8GA1UdEQQI
MAaHBH8AAAEwHQYDVR0OBBYEFAW3l1QNa8LwvTdTAx9NuD03gHZPMA0GCSqGSIb3
DQEBCwUAA4ICAQAbH3Wbh9GHfb0DEKXvgzNrLExh5l4qo/1RGio7+WqdE3LMBGbH
SF/Y7+Kz+m8PxkuxUKNtRT7JxQjRLwGWHjXpowtuc/JoTOw/1pzMmpJaDsMzhjiw
JhGqGwBy9yqX0524ek/IuMxmZT1rvTjCtFndlQmp5W3nHLt0cwHJC4mUzBI0vyDR
29RKch+q01APLwZQBp+HwL95K+e1iXBs/kViYLXvtC2Vhw/caZwYNzZKM/HEjHdM
5XUkklX9UA08G1xbt4uRjugnXBWMYkQyoivTl+DmOIeEQAzymLZzQUZr0fwMoeBK
mYMjBjzxCZFqJyx3I2e+0hxBXURviGJZhYN53TzEIbaXD/XC8c/FulQ9+EEhw6mZ
BhRJ5jTWV1i4puPZDAnDaR9VtftF0KdIFDG4kQpP3VG/oMYGXrRpA3LYLCy80oCr
kbIOPFMeVLUooeRMG7mgNmAYLWuWxPPSxpB8f3ID0n+wvdeMgAacNYuCRU0NV2CN
XhVpH7jKP7q6th63ICwKpUI5wCl8fqoqwK35NqqZdbyfK1RAL/MlNLlmP1WvEesb
K8x0PDpHxWA3AVf+DPlByBPKLfbnQmZ7siLmfwQyyNWw012ECzP4tmdCP5I+uih4
YeAMw2hQ4C53XjoDEp50gq0WHBcvgWagKP+oRD9oTtwHs1NEWU4EAst5Zg==
-----END CERTIFICATE-----
9 changes: 9 additions & 0 deletions ci/scripts/wiremock-ecdsa.csr
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBJzCB0AIBADBuMQswCQYDVQQGEwJQTDEUMBIGA1UECAwLTWF6b3dpZWNraWUx
DzANBgNVBAcMBldhcnNhdzESMBAGA1UECgwJU25vd2ZsYWtlMRAwDgYDVQQLDAdE
cml2ZXJzMRIwEAYDVQQDDAlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARfePfsNsAqg7oLCfROygxyxVcQXnaUNra0QdfaQyjEsTEThyAGKk/IeDA0
RuV8BtoDV4LTd/K0lnDTB3Twa8D5oAAwCgYIKoZIzj0EAwIDRgAwQwIfRCKhyzAm
JTJjDCHPT+MYDwnPDuxvSnuJ3MRspW18ZAIgQDEOowXcfkoB4flhxnwxY+UMLn4h
MDCOjAbVcJQFGVE=
-----END CERTIFICATE REQUEST-----
5 changes: 5 additions & 0 deletions ci/scripts/wiremock-ecdsa.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIOSKn4RQ5lJbhkMaZpofTq+8T3U1F4JlNAOJDom4fbAFoAoGCCqGSM49
AwEHoUQDQgAEX3j37DbAKoO6Cwn0TsoMcsVXEF52lDa2tEHX2kMoxLExE4cgBipP
yHgwNEblfAbaA1eC03fytJZw0wd08GvA+Q==
-----END EC PRIVATE KEY-----
Binary file added ci/scripts/wiremock-ecdsa.p12
View file
Binary file not shown.
3 changes: 2 additions & 1 deletion wiremock_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,8 @@ func TestQueryViaHttps(t *testing.T) {
testCertPool.AddCert(certificate)
cfg.Transporter = &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: testCertPool,
RootCAs: testCertPool,
VerifyPeerCertificate: verifyPeerCertificateSerial,
},
}
connector := NewConnector(SnowflakeDriver{}, *cfg)
Expand Down

0 comments on commit f5582f4

Please sign in to comment.